You need this upgrade if you want to fix security problems in Linux Kernel and other software used in the firmware. The latest Fon 2.3.8.0_beta1 firmware was released in October 2014 and the OpenWrt 15.05.1 firmware was released in September 2015.
Note: As of 30/04/2016, the installation steps below for flashing OpenWrt were tested successfully for flashing Fonera 2.0n device with Fon 2.3.8.0 beta 1 firmware to OpenWrt 15.05.1 firmware for Fonera 2.0n.
1) Flash an official developer image.
1.1) Download the .tgz
(latest is FON2303_2.3.8.0_beta1_DEV.tgz). Alternatively, a mirror of the file can be found here: FON2303_2.3.8.0_beta1_DEV.tgz
1.2) Upload it through http://fonera/luci/fon_admin/fon_system
(Dashboard>>Settings>>System on the Web Interface).
2) Connect to the Fonera via SSH. Password is the same used for the Web Interface (default: admin):
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=ssh-rsa -oCiphers=aes128-cbc root@192.168.10.1
The various -o
options are needed because the Fonera firmware uses an old SSH version which uses algorithms that are no longer enabled by default in modern SSH versions.
3) Download the latest OpenWrt sysupgrade image into /tmp
directory:
# cd /tmp # wget -O openwrt.bin http://downloads.openwrt.org/chaos_calmer/15.05.1/ramips/rt305x/openwrt-15.05.1-ramips-rt305x-fonera20n-squashfs-sysupgrade.bin
4) Flash
# mtd -r write openwrt.bin image
After starting the flashing, you get the following messages :
Unlocking image ... Writing from openwrt.bin to image ... [w] Rebooting ... Connection to 192.168.10.1 closed by remote host. Connection to 192.168.10.1 closed.
Source: https://fonera.tsaitgaist.info/doku.php?id=flash2.0n#ssh and http://trac.fonosfera.org/fon-ng/wiki/sshflash.
5) Move to a new IP address range
After Fonera 2.0n rebooting and up, if necessary, change the configuration (for your router or other means) to move your LAN devices with 192.168.10.x range IP address to an 192.168.1.x range IP address. Restart your computer and your Fonera 2.0n to take in account this change and take a new IP address.
6) First connect to your OpenWrt device and change the password.
Follow the steps here: OpenWrt – First Login
7) Install a web interface to manage your OpenWrt device.
To install LuCi interface (initial install or after an upgrade):
# opkg update # opkg install luci-ssl # /etc/init.d/uhttpd start # /etc/init.d/uhttpd enable
Go with your web browser to the following URL https://192.168.1.1
and check if you can see the Luci login page.
Login : root
Password : the password that you choose at step 6).
Source : luci.essentials
8) Secure wifi signal
By default, the OpenWrt wifi signal is not secure.
In the Luci web user interface, in the menu, go to “Network” > “Wifi” > Click on the “Edit” button > In “Interface Configuration”, click on “Wireless Security” tab > In “Encryption” scroll list, choose an WPA or WPA2 encryption > Click on the button “Save & Apply”.
Note : DO NOT USE the WEP security algorithm, it is not secure. To help you to choose between WPA and WPA2 options : Wi-Fi_Protected_Access
Note 2 : If you can, disable the WPS (Wi-Fi Protected Setup) feature available for WPA and WPA2. It's a big security hole.
9) Use the Wifi frequencies allowed for your country
In the Luci web user interface, in the menu, go to “Network” > “Wifi” > Click on the “Edit” button > In “Device Configuration”, click on “Advanced Settings” tab > In “Country Code” scroll list, choose your country > Click on the button “Save & Apply”.
10) Tip to allow connexion to Fonera 2.0n for old device without Wifi N support.
In the Luci web user interface, in the menu, go to “Network” > “Wifi” > Click on the “Edit” button > In “Device Configuration” part, for the “Operating frequency” line > select “Legacy” in the “Mode” scrolling list > Click on the button “Save & Apply”.
11) Install the good translation for your language (optionnal).
The basic LuCI web user interface is in English. If you want LuCI web user interface in your language, you need to install a package.
For a list of translation available packages, do
opkg list | grep luci-i18n-
The mimimum translation package for Luci is luci-i18n-base-xx where xx is the ISO code for your language. For exemple, to have the french translation :
opkg install luci-i18n-base-fr
and then refresh the Luci web page and you can see Luci in your language.
12) Improve the security by improving the security for your router's access : Secure your router's access
13) Improve your knowledge about OpenWrt : Welcome to OpenWrt
FON2303 uses U-Boot bootloader (FON2202 uses RedBoot).
If the Fonera stops working, is not accessible through the web interface or SSH, then there is still the restore option.
1) To start the bootloader u-boot, hold the reset button while powering on.
The POWER and USB LED will go on. give your interface an IP in 192.168.1.0 (no DHCP).
Fonera has IP 192.168.1.6.
$ ifconfig eth0 192.168.1.231
2) Send the image (OpenWRT squashfs-factory version)
$ tftp 192.168.1.6 tftp> binary tftp> put openwrt-ramips-rt305x-fonera20n-squashfs-factory.bin tftp> quit
3) Wait for it to flash and restart (power led blinking while starting).
If the image is wrong, the USB LED will blink and you need to powercycle the Fonera to try again.
4) Connect by telnet and set root password
$ telnet 192.168.1.1 # passwd
You need this upgrade if you want to fix security problems in Linux Kernel and other software used in the firmware. The latest OpenWrt 15.05.1 firmware was released in September 2015 and the LEDE 17.01.4 firmware was released in October 2017.
The latest LEDE release have improvements for the Wifi security hole with WPA ( KRACK attack) : notes-17.01.4
Specific steps for Fonera 2.0n based on the generic documentation “Sysupgrading an existing OpenWrt/LEDE device from the web admin GUI” : sysupgrade.luci
1) Download the file lede-17.01.4-ramips-rt305x-fonera20n-squashfs-sysupgrade.bin as shown in above table.
2) Go at web management user interface for OpenWrt : https://192.168.1.1/cgi-bin/luci
and connect on it with the root account.
3) In OpenWrt menu, go in System \ Backup - Flash Firmware, and next go in Backup / Restore part, click on “Generate Archive” button and save the file on your computer
4) Uncheck/clear the “Keep settings” checkbox
5) In the “Flash new firmware image” part, click on “Browse” button to select the image file, then click on the “Flash image…” button. This displays a “Flash Firmware - Verify“ page, containing a SHA256 checksum of the image file just uploaded to the router.
6) Check that the firmware-checksum displayed on the web GUI matches the SHA256 checksum from the OpenWrt/LEDE download page (Note OpenWrt 15.05.1 web GUI show only a md5 checksum).
(SHA256 checksum a1f3479f6c44c0ff4389f08de5c006532fed59f9f232c83f820a3600cfeb5ba2 or md5sum checksum 5d0559a0986c7643ee7bf6cedd7c0f2a for the file lede-17.01.4-ramips-rt305x-fonera20n-squashfs-sysupgrade.bin ).
If it does not match, do NOT continue, as it is a corrupt file and will likely brick your device.
7) If the checksum is OK, click on the “Proceed” button. After this click, you can see a webpage with the following message :
“System - Flashing...
The system is flashing now.
DO NOT POWER OFF THE DEVICE!
Wait a few minutes before you try to reconnect. It might be necessary to renew the address of your computer to reach the device again, depending on your settings.
Loading Waiting for changes to be applied...
This starts the “System - Flashing …” along with a spinning wheel and “Waiting for changes to be applied…”
8) Wait several minutes. The router uploads the firmware image and write it into its flash ROM and finally reboots.
9) After your device has finished rebooting, check if you can access the login page for the web admin GUI of OpenWrt/LEDE on it's default IP: http://192.168.1.1
10) By default, the administration root account is empty. Go to http://192.168.1.1/cgi-bin/luci/admin/system/admin
(with login root and password empty), and in Router Password part to set a password. Click on the “Save and Apply” button.
11) Secure wifi signal
By default, the OpenWrt/LEDE wifi signal is not secure.
In the Luci web user interface, in the menu, go to “Network” > “Wireless” > Click on the “Edit” button > In “Interface Configuration”, click on “Wireless Security” tab > In “Encryption” scroll list, choose an WPA or WPA2 encryption > Click on the button “Save & Apply”.
Note : DO NOT USE the WEP security algorithm, it is not secure. To help you to choose between WPA and WPA2 options : Wi-Fi_Protected_Access
Note 2 : If you can, disable the WPS (Wi-Fi Protected Setup) feature available for WPA and WPA2. It's a big security hole.
12) Use the Wifi frequencies allowed for your country
In the Luci web user interface, in the menu, go to “Network” > “Wireless” > Click on the “Edit” button > In “Device Configuration”, click on “Advanced Settings” tab > In “Country Code” scroll list, choose your country > Click on the button “Save & Apply”.
13) Tip to allow connexion to Fonera 2.0n for old device without Wifi N support.
In the Luci web user interface, in the menu, go to “Network” > “Wireless” > Click on the “Edit” button > In “Device Configuration” part, for the “Operating frequency” line > select “Legacy” in the “Mode” scrolling list > Click on the button “Save & Apply”.
14) Update the software list to install new software or the software translation for your language.
In the Luci web user interface, in the menu, go to “System” > “Software” > Click on the “Update Lists” button. You can see this button with the text “No Package Lists available” near it only if you have not clicked on this button since the OpenWrt/LEDE release installation.
15) Install the good translation for your language (optionnal).
The basic LuCI web user interface is in English. If you want LuCI web user interface in your language, you need to install a package.
For a list of translation available packages, do the step 14)
Next In the Luci web user interface, in the menu, go to “System” > “Software” > In the empty field near “Filter:”, fill the text luci-i18n- , click on the button “Find package”, click on the “Available packages tab”.
The mimimum translation package for Luci is luci-i18n-base-xx where xx is the ISO code for your language. For exemple, to have the french translation :
Click on the “Install” text near the line luci-i18n-base-fr
and then refresh the Luci web page and you can see Luci in your language.
Here is a comment found in the kernel source code of OpenWrt:
/* * HW limitations for this switch: * - No large frame support (PKT_MAX_LEN at most 1536) * - Can't have untagged vlan and tagged vlan on one port at the same time, * though this might be possible using the undocumented PPE. */
So users of IPTV that would like to put the fonera between the ADSL modem and the video player (e.g. the freebox revolution) cannot do that as the port of the modem needs to be at the same time untagged for the internet traffic and tagged for IPTV (freebox: VLAN 100).
As reported here